Research article (Open access)

Verified interoperable implementations of security protocols

Published: 12 December 2008

    Abstract

    We present an architecture and tools for verifying implementations of security protocols. Our implementations can run with both concrete and symbolic implementations of cryptographic algorithms. The concrete implementation is for production and interoperability testing. The symbolic implementation is for debugging and formal verification. We develop our approach for protocols written in F#, a dialect of ML, and verify them by compilation to ProVerif, a resolution-based theorem prover for cryptographic protocols. We establish the correctness of this compilation scheme, and we illustrate our approach with protocols for Web Services security.


    Published In

    ACM Transactions on Programming Languages and Systems, Volume 31, Issue 1
    December 2008
    261 pages
    ISSN: 0164-0925
    EISSN: 1558-4593
    DOI: 10.1145/1452044

    Publisher

    Association for Computing Machinery, New York, NY, United States

    Publication History

    Received: 01 November 2007
    Accepted: 01 January 2008
    Published: 12 December 2008
    Published in TOPLAS Volume 31, Issue 1


    Author Tags

    1. Functional programming
    2. Web services
    3. XML security
    4. pi calculus


    Cited By

    • (2023) IsaNet. Journal of Computer Security 31(3), 217-259. DOI: 10.3233/JCS-220021. Online publication date: 1-Jan-2023
    • (2023) A Generic Methodology for the Modular Verification of Security Protocol Implementations. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 1377-1391. DOI: 10.1145/3576915.3623105. Online publication date: 15-Nov-2023
    • (2023) CryptoBap: A Binary Analysis Platform for Cryptographic Protocols. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 1362-1376. DOI: 10.1145/3576915.3623090. Online publication date: 15-Nov-2023
    • (2023) Sound Verification of Security Protocols: From Design to Interoperable Implementations. 2023 IEEE Symposium on Security and Privacy (SP), 1077-1093. DOI: 10.1109/SP46215.2023.10179325. Online publication date: May-2023
    • (2022) Automatic Implementations Synthesis of Secure Protocols and Attacks from Abstract Models. Secure IT Systems, 234-252. DOI: 10.1007/978-3-031-22295-5_13. Online publication date: 30-Nov-2022
    • (2021) SoK: Computer-Aided Cryptography. 2021 IEEE Symposium on Security and Privacy (SP), 777-795. DOI: 10.1109/SP40001.2021.00008. Online publication date: May-2021
    • (2021) DY*: A Modular Symbolic Verification Framework for Executable Cryptographic Protocol Code. 2021 IEEE European Symposium on Security and Privacy (EuroS&P), 523-542. DOI: 10.1109/EuroSP51992.2021.00042. Online publication date: Sep-2021
    • (2020) Analyzing Security Protocol Web Implementations Based on Model Extraction With Applied PI Calculus. IEEE Access 8, 26623-26636. DOI: 10.1109/ACCESS.2020.2971615. Online publication date: 2020
